Comment 1 for bug 1365961

Jeremy Stanley (fungi) wrote : Re: Dangerous iptables rule generated in case of protocol "any" and destination-port usage

There is a possible argument that this violates the principle of least surprise, but I tend to agree that fixing it would be more a security-hardening measure and not something we would need kept under embargo.

If people have accidentally applied too-loose firewall rules through this mistake, making this bug public can only help them find out and clean it up sooner. Would-be attackers, on the other hand, are not going to find out about loose security rules on some victim's network simply due to disclosure of this bug (likely they will have already found out through arbitrary network scans). Thus, keeping this bug private under embargo would serve only to make the situation worse.